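/**
 * Loads a template given any path. The path is in the format:
 * viewname/templatename
 *
 * @param   string  $path         The template path
 * @param   array   $forceParams  A hash array of variables to be extracted in the local scope of the template
 *                                file. Each key becomes a variable name inside the template, so callers should
 *                                pass only keys they control, never a raw request array.
 *
 * @return  string  The output of the template
 *
 * @throws  \Exception  When the layout file is not found
 */
public function loadAnyTemplate($path = '', $forceParams = array())
{
    $template       = \Awf\Application\Application::getInstance()->getTemplate();
    $layoutTemplate = $this->getLayoutTemplate();

    // Parse the path
    $templateParts = $this->parseTemplatePath($path);

    // Get the default paths
    $templatePath = $this->container->templatePath;

    $paths   = array();
    $paths[] = $templatePath . '/' . $template . '/html/' . $this->input->getCmd('option', '') . '/' . $templateParts['view'];
    $paths[] = $this->container->basePath . '/views/' . $templateParts['view'] . '/tmpl';
    $paths[] = $this->container->basePath . '/View/' . $templateParts['view'] . '/tmpl';
    $paths   = array_merge($paths, $this->templatePaths);

    // Look for a template override
    if (isset($layoutTemplate) && $layoutTemplate != '_' && $layoutTemplate != $template)
    {
        // NOTE(review): str_replace() swaps every occurrence of the template name in the
        // first path, not only the template directory segment.
        $apath = array_shift($paths);
        array_unshift($paths, str_replace($template, $layoutTemplate, $apath));
    }

    $filetofind = $templateParts['template'] . '.php';

    // NOTE(review): the file included below is resolved from $path through
    // parseTemplatePath() and Path::find(), neither of which is visible here. Confirm that
    // they reject directory traversal sequences if $path can ever carry request data.
    $this->_tempFilePath = \Awf\Utils\Path::find($paths, $filetofind);

    if (!$this->_tempFilePath)
    {
        // The original code *returned* the exception object. A caller expecting the documented
        // string would then print it, and Exception::__toString() exposes the message, file
        // paths and stack trace. Throw it, as the docblock promises.
        throw new \Exception(\Awf\Text\Text::sprintf('AWF_APPLICATION_ERROR_LAYOUTFILE_NOT_FOUND', $path), 500);
    }

    // Unset from local scope so the template cannot see or depend on these helpers
    unset($template);
    unset($layoutTemplate);
    unset($paths);
    unset($path);
    unset($filetofind);

    // Never allow a 'this' property
    if (isset($this->this))
    {
        unset($this->this);
    }

    // Force parameters into scope. extract() uses its default overwrite behaviour, so a key
    // in $forceParams replaces any same-named local that is still defined at this point.
    if (!empty($forceParams))
    {
        extract($forceParams);
    }

    // Start capturing output into a buffer
    ob_start();

    try
    {
        // Include the requested template filename in the local scope
        // (this will execute the view logic).
        include $this->_tempFilePath;

        // Done with the requested template; get the buffer contents
        $this->output = ob_get_contents();
    }
    finally
    {
        // Always close the buffer opened above. If the template throws, its partial output is
        // discarded instead of staying in an open buffer that is flushed to the client later.
        ob_end_clean();
    }

    return $this->output;
}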
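/**
 * Provides CSRF protection through the forced use of a secure token. If the request does not carry the token
 * stored in the session an exception is thrown and the caller must abort the action.
 *
 * The token is accepted in either of two forms:
 *  - a request variable named "token" whose value equals the session token, or
 *  - a request variable whose *name* is the session token and whose value is 1.
 *
 * @return  void
 *
 * @throws  \Exception  When no valid token accompanies the request
 */
protected function csrfProtection()
{
    // NOTE(review): getValue() is assumed to return a string (or something castable to one);
    // its implementation is not visible here.
    $tokenValue = (string) $this->container->session->getCsrfToken()->getValue();

    // Fail closed when the session holds no token. Otherwise the empty default of the "token"
    // request variable below would compare equal to it and every request would pass.
    if ($tokenValue === '')
    {
        throw new \Exception('Invalid security token', 500);
    }

    $token = $this->input->get('token', '', 'raw');

    // The 'raw' filter may hand back a non-string (for example an array), so check the type
    // first. hash_equals() replaces the loose == comparison: it does not type-juggle (two
    // different numeric-looking strings such as "0e1" and "0e2" are equal under ==) and it
    // compares in constant time.
    $isValidToken = is_string($token) && hash_equals($tokenValue, $token);

    if (!$isValidToken)
    {
        // Alternative form: the token is the variable name, with an integer value of 1
        $altToken     = $this->input->get($tokenValue, 0, 'int');
        $isValidToken = $altToken == 1;
    }

    if (!$isValidToken)
    {
        // The 500 code is kept for caller compatibility, although a rejected token is a client
        // error rather than a server fault.
        throw new \Exception('Invalid security token', 500);
    }
}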